﻿using FangPage.Common;
using FangPage.Core;
using FangPage.Data;
using FangPage.User.Model;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text;

namespace FangPage.User.Controller
{
    public class login : FPController
    {
        public override void Controller()
        {
            if (ispost)
            {
                string username = FPRequest.GetString("username");

                if (username == "")
                {
                    FPResponse.WriteErr("用户名不能为空。");
                    return;
                }

                string password = FPRequest.GetString("password");

                if (password == "")
                {
                    FPResponse.WriteErr("用户名不能为空。");
                    return;
                }

                SqlParam[] where =
                {
                    DbHelper.MakeAndWhere("username",username),
                    DbHelper.MakeAndWhere("password",FPUtils.MD5(password))
                };

                UserInfo userinfo = DbHelper.ExcuteModel<UserInfo>(where);

                if (userinfo.id.IsNullOrEmpty())
                {
                    FPResponse.WriteErr("用户名或密码错误。");
                    return;
                }

                if (userinfo.status != 1)
                {
                    FPResponse.WriteErr("对不起，该用户已被禁用。");
                    return;
                }

                RoleInfo roleinfo = DbHelper.ExcuteModel<RoleInfo>(userinfo.roleid);

                string token = FPUtils.MD5(username + userinfo.password + userinfo.id);

                AuthInfo authinfo = new AuthInfo();
                authinfo.islogin = true;
                authinfo.username = userinfo.username;
                authinfo.userid = userinfo.id;
                authinfo.token = token;
                authinfo.realname = userinfo.realname;
                authinfo.roleid = userinfo.roleid;
                authinfo.rolename = roleinfo.name;
                authinfo.departid = userinfo.departid;
                authinfo.departname = userinfo.departname;
                authinfo.departs = roleinfo.departs;
                authinfo.isadmin = roleinfo.isadmin;

                var claims = new List<Claim>(){
                   new Claim(ClaimTypes.Name,authinfo.username),
                   new Claim("userid",userinfo.id),
                   new Claim("token",authinfo.token),
                   new Claim("realname",authinfo.realname),
                   new Claim("roleid",authinfo.roleid),
                   new Claim("rolename",authinfo.rolename),
                   new Claim("departid",authinfo.departid),
                   new Claim("departname",authinfo.departname),
                   new Claim("departs",authinfo.departs),
                   new Claim("isadmin",authinfo.isadmin.ToString())
                };

                var userPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "Customer"));

                HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, userPrincipal, new AuthenticationProperties
                {
                    ExpiresUtc = DateTime.UtcNow.AddMinutes(180),

                    IsPersistent = false,

                    AllowRefresh = false
                });

                var res = new { code = 0, msg = "登录成功。", user = authinfo };

                FPResponse.WriteJson(res);
            }
        }
    }
}
